Keeping 1000 devs focused: new Debian leader speaks

Ten days back, the new leader of the Debian GNU/Linux project, Stefano Zacchiroli, began his term as the only elected leader of a free software project. But that's not the only thing that makes Debian unique in the FOSS space.

The project has well over 1000 developers from all corners of the globe and, despite the arguments and debates that figure on its many mailing lists, still puts together a distribution that is top quality and caters to more architectures than any other.Zacchiroli, a post-doctoral fellow at a university in Paris, thus has a fairly tough task ahead as he begins his term. He took some time out to speak to iTWire about his plans for the year.

Congratulations on being elected. What does it feel like to be the leader of a group that has 1000+ developers and about 2000 opinions?

Thanks... but I don't think your numbers are fair. We do have different opinions on specific subjects sometimes, but not (yet) more than one per DD (Debian developer). In fact, I find that having different opinions and using democracy and do-ocracy to face them is one of the most interesting and distinguishing features of the Debian project.

Back to your question, my main feelings are: being honoured by the trust that others DDs have shown in me plus some excitement about the possibility of helping them enjoy their participation in Debian more. (There is also) a tiny, teeny little bit of fear over the responsibility.

In your platform, you said you intended to be a "present DPL both in discussions and as the responsible for the project agenda." What exactly do you mean by that?

I meant two different things. One was my intention to participate in most "big" discussions in the project, especially in case of conflicts. The DPL role has no specific authority to make decisions in several areas (most notably in technical matters), but should help in solving conflicts and, more generally, in facilitating interactions among developers.

Another related aspect is the DPL's responsibility of doing bookkeeping work. For instance, the DPL should take care about remembering that we need to have a specific discussion, in a specific timeframe. If nobody remembers to raise the issue before it's too late, the DPL should do that. This set of discussions-to-have is what forms the project agenda.

Again from your platform, you said you would provide more gradual and rewarding access paths to Debian. I take this to mean that you think the present way of accepting people as developers is too bureaucratic. What changes do you have in mind?

Actually no, that is not what I meant. I understand how our process might seem as more bureaucratic that those of other projects where, say, just advocacies are required. Notice, however, that our bureaucracy is mostly meant to check whether the applicant shares our founding principles and shares the promises we made to our users, i.e. the Debian Social Contract. The technical parts of our joining process can be (and often are) fast-tracked for people who have already proven their technical abilities, for instance having already contributed a significant amount of good work.

My point in the text you quoted was rather about the fact that for a long time, being a recognised contributor of Debian has been "all or nothing". In recent years, the situation has become much better with the introduction of Debian Maintainer, a status which is easier to obtain than full DD, and that enables one to work - uploading packages - in specific project areas. I think we should learn from this that there are contributors out there who are not interested in becoming full DDs, but which still want to help out, and deserve to be acknowledged for that.

I don't have any specific change to propose right now, but I know that we need to have a proper discussion to decide how to best acknowledge the existence of non-packaging contributors (web designers, translators, artists, etc.), who deserve to be recognised as members of the Debian project.

Another point you made in your platform was: "I will fight strong package ownership when it conflicts with quality." Obviously, this must have been based on some incident. Without naming people or packages, can you give an idea of how such situations pan out?

No specific incident, package, or person. Rather, the point is that we need to continue a cultural shift, which luckily is already happening.

In the very beginning there was no "Maintainer" field associated with Debian packages; adding it has changed the rules of the game. Suddenly people felt more responsible about their specific packages (which is good), but also became more resistant to changes performed by others (which is bad), and actions like non-maintainers uploads (NMUs) were sometimes seen as personal attacks rather than as attempts to help a fellow developer.

As anticipated, we've been getting much better in recent years. During recent NMU campaigns to fix Release-Critical bugs in view of Squeeze (our next stable release), all participants have reported to have received basically only "thank you" messages for every proper NMU.

Similarly, most Debian packages are nowadays maintained by teams which are easy to join and in which members can contribute by simply committing to some version control system.

That makes the shift from a distribution in which peers work side-by-side but on individual packages, to one in which everyone is equally responsible for the good quality of a release as a whole and should also care about the packages of others.

Do you have any specific plans to improve the communication between Debian and Ubuntu? Or will Debian, as one developer put it, end up being a packages supermarket for Ubuntu?

I think that the main goal here is to establish a sane - and rather typical of FOSS - upstream-downstream relationship between Debian and Ubuntu.

Technically, that means that we should tear down all barriers to exchange patches between the two distributions (and in both directions). The easier it is for a DD to review and selectively import Ubuntu patches, the better; it is probably the same for Ubuntu developers.

Socially, everybody should give credit where credit is due. To be blunt, I think that Ubuntu should acknowledge a bit more the fact that they are still Debian-based and that they periodically sync with Debian. It is public knowledge, but it is not yet advertised as, say, a free software developer would normally give credit to (a project that) accounts for about 70 per cent of the code he/she distributes.

On our side, we should acknowledge and advertise the existence of an Ubuntu patch flow, as well as avoid gratuitous Ubuntu bashing which sometimes can still be read on our mailing lists (even though it happens much less than in the past).

The final goal is to improve technical collaboration, as it is the overall quality of the free software we're packaging which is at stake.

Despite the fact that it is now pretty easy to install and use Debian, the impression still remains that it is a distribution for people with at least some UNIX knowledge. Do you think this is a good thing as Debian is still one of the most solid distributions in terms of stability, security and package management?

I'm tempted to propose an exchange interviewer-interviewee on this question and ask you "why do you have that impression?", but I'll refrain. I don't see any particular tension to "not require any UNIX knowledge to be used" and being a "stable/secure distro with solid package management". I believe we should be both, and, in fact, Debian aims to be more.

Nowadays all the ingredients that Debian needs to be a newbie-proof desktop environment are there (well, OK, there is the exception of things like non-free drivers and codecs, but that problem will be moot really soon now, when free software will finish taking over the world).

Actually, by choosing the "desktop environment" task at the end of the Debian installer you'll get a newbie-proof environment (which my parents use already), even though you'll be lacking a bit on the side of some packages that need to be installed - and possibly configured - by hand.

I think we just need some sane(r) defaults here and there, and maybe a bit of tuning of our task selection. If it is not at the level of desktop tuning of other more desktop-oriented distros, it is likely because among us (current) developers there are still more sysadmin-type guys than desktop-user-type-of-guys. It is normal that we, as a real do-ocracy, tend to mainly scratch *our* itches, but that can be easily changed, there are no major reasons not to. It just takes some motivated people willing to make a more newbie-friendly tuning and package selection to join Debian, and make it happen. We really are as open as that. Maybe some of the readers would like to join us and try?Or do you think that there could be some loosening of the structure which may result in a more glossy distro but one which may have to make some compromises on stability and security?

Let me reiterate: there is no mandatory compromise between being user-friendly, and being as stable and secure as Debian has always been. Our only compromise is that we aim at being as universal (i.e. for everybody and for every possible use case) as possible, so we will generally not trade off desktop user benefits with drawbacks to other usage scenarios.

That generality of ours can then be instantiated, however, by offering different profiles at the end of the installation. If "yours" is missing or suboptimal, it just takes "you" to join us and add/improve it. It is as simple as that.

Of course, an entirely different matter is how often we release. One can be (desktop) user-friendly and still release every 18 months. Being bleeding edge and being (desktop) user friendly are not necessarily the same thing. We really like to release "when it's ready", and I don't see that changing anytime soon.

Do you plan to put the Debian budget online in future so everyone can know how much you raise and how it is spent?

Let's first clarify that the Debian budget is split among different organisations worldwide, in order to reduce the cost of money transfers to buy stuff or to receive donations (which is the only source of income of the Debian project). That said, the main organisation which holds Debian money is SPI, which periodically publishes (public) minutes with details about all the money that goes in and out. Still, I'm not surprised by your question, as those minutes are not exactly easy to find on the web. (In fact, I've been pointed myself to those minutes, during this year's DPL campaigning, just after I claimed that they were not publicly available and that I intended to change that ...)

I do plan to improve that situation, disclosing publicly and in a more prominent place all the money we receive from donors and how we use it: it is just fair in a project as open as we are supposed to be.Debian has hundreds of highly talented developers who are unknown to the world at large. Any plans to organise some kind of publicity for these people? Or is the project more important than the individuals?

That's a great idea, thanks! In fact, the project and our ideals are both more important than the individuals, no doubt. Nevertheless it is interesting to highlight individuals, not really to "advertise" them, but rather to get them known more by fellow DDs that are possibly not into the typical Debian social media (IRC, mailing lists, blogging, etc.). As in all communities, the better we know each other, the better we interact and work together.

We've, in fact, already worked in the past on initiatives that highlight individuals. One that comes to my mind is the series of individual developer interviews that a fellow developer contributed to planet.debian.org for a while. That was a nice initiative, and I think we can do more in that direction, but focusing on the above goal, i.e. knowing each other better (which is really useful in a project of 1000s developers with 2000 opinions *g*).And finally, what kind of timeframe do you need to implement your plans?

Good question! I intend to work on my plans as much as I can during this year, balancing the other parts of my life: work, family, etc, as I'm still a volunteer. I believe quite some work can be done in one term, but we should better check this one year from now ...

CDAO SYDNEY TURNS 5 IN 2019

With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.